CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

90 matches found

RedhatCVE•added 2026/04/22 7:22 a.m.•0 views

CVE-2026-39386

Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session...

8.8CVSS5.7AI score0.00051EPSS

Exploits0References1

NVD•added 2026/04/21 1:16 a.m.•0 views

CVE-2026-39386

8.8CVSS0.00051EPSS

Exploits0References3

CVE•added 2026/04/21 12:50 a.m.•9 views

CVE-2026-39386

CVE-2026-39386 affects the Neko self-hosted virtual browser running in Docker with WebRTC. In versions 3.0.0–3.0.10 and 3.1.0–3.1.1, any authenticated user can escalate privileges to obtain full administrative control over the instance (e.g., member management, room settings, broadcast control, s...

8.8CVSS5.7AI score0.00051EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/21 12:0 a.m.•1 views

PT-2026-33880

Name of the Vulnerable Software and Affected Versions Neko versions 3.0.0 through 3.0.10 Neko versions 3.1.0 through 3.1.1 Description An issue allows any authenticated user to obtain full administrative control of the Neko instance, including member management, room settings, broadcast control,...

8.8CVSS5.2AI score0.00051EPSS

Exploits0References12

SUSE CVE•added 2026/03/04 12:26 a.m.•1 views

SUSE CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.9AI score0.00059EPSS

Exploits0References3

OSV•added 2026/02/11 9:16 p.m.•2 views

UBUNTU-CVE-2026-26014

5.9CVSS5.9AI score0.00059EPSS

Exploits0References6

RedhatCVE•added 2026/01/23 9:16 p.m.•3 views

CVE-2025-67947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through = 3.0.11...

7.1CVSS5.4AI score0.00064EPSS

Exploits0References1

Vulnrichment•added 2026/01/22 4:51 p.m.•3 views

CVE-2025-67947 WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability

7.1CVSS5.9AI score0.00064EPSS

Exploits0References1

CNNVD•added 2026/01/22 12:0 a.m.•4 views

WordPress plugin AdForest Elementor has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00064EPSS

Exploits0References1

EUVD•added 2025/11/09 12:30 a.m.•4 views

EUVD-2025-38438

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

6.5CVSS6.4AI score0.00285EPSS

Exploits1References5

NVD•added 2025/11/09 12:15 a.m.•2 views

CVE-2025-12916

9.8CVSS0.00285EPSS

Exploits1References4

OSV•added 2025/11/09 12:15 a.m.•0 views

CVE-2025-12916

9.8CVSS5.5AI score0.00285EPSS

Exploits1References4

Vulnrichment•added 2025/11/08 11:32 p.m.•2 views

CVE-2025-12916 Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection

6.5CVSS6.4AI score0.00285EPSS

Exploits1References4

Cvelist•added 2025/11/08 11:32 p.m.•9 views

CVE-2025-12916 Sangfor Operation and Maintenance Security Management System Frontend portal_login command injection

6.5CVSS0.00285EPSS

Exploits1References4

CVE•added 2025/11/08 11:32 p.m.•18 views

CVE-2025-12916

CVE-2025-12916 affects Sangfor Operation and Maintenance Security Management System 3.0, specifically the Frontend component’s /fort/portal_login. The vulnerability arises from manipulating the loginUrl argument, enabling remote command injection. Public disclosures indicate exploitation is possi...

9.8CVSS6.7AI score0.00285EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2025/11/08 12:0 a.m.•4 views

PT-2025-45573

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Security Management System versions prior to 3.0.11 Description A command injection issue exists in the Sangfor Operation and Maintenance Security Management System. The issue is related to the manipulation of...

9.8CVSS6.5AI score0.00285EPSS

Exploits1References10

RedhatCVE•added 2025/10/15 2:55 p.m.•3 views

CVE-2025-27906

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified...

5.3CVSS6.5AI score0.00031EPSS

Exploits0References1

EUVD•added 2025/10/14 2:8 p.m.•2 views

EUVD-2025-34214

5.3CVSS6AI score0.00031EPSS

Exploits0References2

CNNVD•added 2025/10/14 12:0 a.m.•1 views

IBM Content Navigator 安全漏洞

IBM Content Navigator is a Web client from International Business Machines IBM. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator versions 3.0.11, 3.0.15, 3.1.0, and 3.2.0, which originate...

5.3CVSS6.1AI score0.00031EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-34360

Malicious code in bioql PyPI...

7.4CVSS8.7AI score0.00175EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by